Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015 Ran by irena at 2015-02-06 20:15:45 Running from C:\Documents and Settings\irena\Pulpit Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AntiVir Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Atheros Client Utility (HKLM\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version: - Atheros) ATI Catalyst Install Manager (HKLM\...\{42358881-F906-264B-CE0D-11E597781C0D}) (Version: 3.0.778.0 - ATI Technologies, Inc.) Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 10.2.0.700 - Avira GmbH) ccc-core-static (Version: 2011.0316.116.298 - Nazwa firmy) Hidden Detektor Winampa (HKU\S-1-5-21-746137067-261478967-682003330-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Gadu-Gadu 10 (HKLM\...\Gadu-Gadu 10) (Version: - GG Network S.A.) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden hp deskjet 3320 series (HKLM\...\hp deskjet 3320 series_Driver) (Version: - ) HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.4.0003 - HPQ) HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.8300 - HP) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT) Karta sieci bezprzewodowej Broadcom 802.11 (HKLM\...\Karta sieci bezprzewodowej Broadcom 802.11) (Version: 5.60.48.35 - Broadcom Corporation) K-Lite Codec Pack 8.1.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 8.1.0 - ) Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 pl)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek) Skins (Version: 2011.0316.116.298 - ATI) Hidden Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.25.5\psuser.dll (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.23.9\psuser.dll (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.24.15\psuser.dll (the data entry has 8 more characters). CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\psuser.dll (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.165\psuser.dl (the data entry has 9 more characters). CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.25.11\psuser.dll (the data entry has 8 more characters). CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.5\psuser.dll (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-746137067-261478967-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.24.7\psuser.dll (the data entry has 7 more characters). ==================== Restore Points ========================= 11-11-2014 14:09:52 Punkt kontrolny systemu 12-11-2014 14:37:03 Punkt kontrolny systemu 30-11-2014 17:31:25 Punkt kontrolny systemu 01-12-2014 18:13:15 Punkt kontrolny systemu 02-12-2014 18:21:34 Punkt kontrolny systemu 03-12-2014 18:33:02 Punkt kontrolny systemu 04-12-2014 21:31:07 Punkt kontrolny systemu 05-12-2014 22:08:11 Punkt kontrolny systemu 07-12-2014 08:35:21 Punkt kontrolny systemu 08-12-2014 13:18:43 Punkt kontrolny systemu 09-12-2014 13:31:00 Punkt kontrolny systemu 10-12-2014 13:33:24 Punkt kontrolny systemu 11-12-2014 13:38:58 Punkt kontrolny systemu 12-12-2014 15:34:19 Punkt kontrolny systemu 13-12-2014 19:44:07 Punkt kontrolny systemu 15-12-2014 12:33:09 Punkt kontrolny systemu 16-12-2014 12:36:59 Punkt kontrolny systemu 17-12-2014 17:05:45 Punkt kontrolny systemu 18-12-2014 18:23:01 Punkt kontrolny systemu 19-12-2014 19:26:31 Punkt kontrolny systemu 07-01-2015 17:41:46 Punkt kontrolny systemu 08-01-2015 21:58:49 Punkt kontrolny systemu 09-01-2015 22:12:22 Punkt kontrolny systemu 10-01-2015 22:37:17 Punkt kontrolny systemu 11-01-2015 23:04:39 Punkt kontrolny systemu 12-01-2015 23:47:05 Punkt kontrolny systemu 14-01-2015 08:05:16 Punkt kontrolny systemu 15-01-2015 08:22:53 Punkt kontrolny systemu 24-01-2015 19:35:48 Punkt kontrolny systemu 25-01-2015 21:53:32 Punkt kontrolny systemu 26-01-2015 22:07:55 Punkt kontrolny systemu 27-01-2015 22:15:07 Punkt kontrolny systemu 28-01-2015 23:09:58 Punkt kontrolny systemu 30-01-2015 10:45:57 Punkt kontrolny systemu 31-01-2015 20:08:35 Punkt kontrolny systemu 01-02-2015 20:44:31 Punkt kontrolny systemu 02-02-2015 20:55:14 Punkt kontrolny systemu 03-02-2015 22:06:55 Punkt kontrolny systemu 04-02-2015 22:30:41 Punkt kontrolny systemu 05-02-2015 22:42:27 Punkt kontrolny systemu 06-02-2015 14:35:21 Operacja przywracania ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2001-10-26 18:45 - 2001-10-26 18:45 - 00000742 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-682003330-1003Core.job => C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-682003330-1003UA.job => C:\Documents and Settings\irena\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2009-10-12 12:47 - 2009-10-12 12:47 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2011-08-21 11:28 - 2010-06-17 14:27 - 00355688 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2009-10-12 12:50 - 2009-10-12 12:50 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll 2015-01-26 21:41 - 2015-01-26 21:41 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2010-03-16 11:22 - 2010-03-16 11:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll 2011-03-14 13:20 - 2011-03-14 13:20 - 00098304 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-03-16 00:14 - 2011-03-16 00:14 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-746137067-261478967-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\irena\Moje dokumenty\!Decrypt-All-Files-scqwxua.bmp ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-746137067-261478967-682003330-500 - Administrator - Enabled) Gość (S-1-5-21-746137067-261478967-682003330-501 - Limited - Disabled) irena (S-1-5-21-746137067-261478967-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\irena Pomocnik (S-1-5-21-746137067-261478967-682003330-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-746137067-261478967-682003330-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2015 09:09:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd plugin-container.exe, wersja 35.0.1.5500, moduł powodujący błąd mozalloc.dll, wersja 35.0.1.5500, adres błędu 0x00001425. Przetwarzanie zdarzenia określonego nośnika dla [plugin-container.exe!ws!] Error: (02/05/2015 08:38:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error: (02/05/2015 08:38:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. System errors: ============= Error: (02/03/2015 04:38:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 03:38:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 02:38:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 01:38:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 00:38:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 10:38:00 AM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 09:38:00 AM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 08:38:00 AM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 07:38:00 AM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Error: (02/03/2015 06:38:00 AM) (Source: Schedule) (EventID: 7901) (User: ) Description: Uruchomienie polecenia At1.job nie powiodło się, ponieważ wystąpił następujący błąd: %%2147942402 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: AMD V120 Processor Percentage of memory in use: 38% Total physical RAM: 1788.49 MB Available physical RAM: 1093.59 MB Total Pagefile: 3683.26 MB Available Pagefile: 3050.74 MB Total Virtual: 2047.88 MB Available Virtual: 1954.71 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:41.11 GB) (Free:27.29 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (Dane) (Fixed) (Total:191.77 GB) (Free:170.21 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 99F3445E) Partition 1: (Active) - (Size=41.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=191.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================